Deeplinks Blog posts about Cell Tracking

Across the country, a vigorous debate is taking place in federal and state courthouses about how privacy protections should apply to modern technologies. One of the most spirited issues in this debate is whether the Fourth Amendment requires law enforcement to get a warrant to track a person’s location via their cell phone. This week EFF filed two new amicusbriefs that answer that question with a resounding yes.

Did you just buy a shiny new smartphone loaded with the newest and greatest features to have conversations throughout the day, wherever you are? While your phone’s capabilities are distinctly modern, a new decision in United States v. Davis allowing police to get without a warrant records of which cell tower your phone connects to ensures that a key privacy protection you should have when using your phone is stuck in 1979.

With more than 38-million people and some of the largest technology companies in the world calling California home, the Golden State should be a leader in safeguarding electronic privacy. For years the state’s constitution has provided greater privacy protection than the Fourth Amendment. But when it comes to electronic privacy, the state has lagged behind, even as other states, such as Texas and Maine, have passed legislation to protect everything from the contents of email to the detailed location information generated by our phones.

Verizon advertising partner Turn has been caught using Verizon Wireless's UIDH tracking header to resurrect deleted tracking cookies and share them with dozens of major websites and ad networks, forming a vast web of non-consensual online tracking. Explosive research from Stanford security expert Jonathan Mayer shows that, as we warned in November, Verizon's UIDH header is being used as an undeletable perma-cookie that makes it impossible for customers to meaningfully control their online privacy.

Mayer's research, described in ProPublica, shows that advertising network and Verizon partner Turn is using the UIDH header value to re-identify and re-cookie users who have taken careful steps to clear their cookies for privacy purposes. This contradicts standard browser privacy controls, users' expectations, and Verizon's own claims that the UIDH header won't be used to track users because it changes periodically.

2014 has seen a flurry of events surrounding the issues of privacy and security when it comes to mobile devices. Here are some highlights.

EFF started the year by releasing HTTPS Everywhere on Firefox for Android. Before, HTTPS Everywhere could only protect web browsing on desktop platforms, but with the release of HTTPS Everywhere for Firefox for Android, that same protection became available for Android devices as well.